Skip to content
Tenable.io to Google Cloud Security Command Center Bridge
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
tenable_cscc
tests
.gitignore
CHANGELOG.md
README.md
install-tenable-cscc.sh
setup.py
test-requirements.txt

README.md

Tenable.io -> Google Cloud Security Command Center

This tool is designed to consume Tenable.io vulnerability data, transform that data into the Google Security Command Center format, and then upload the resulting data into Google Security Command Center.

The tool can be run as either as a one-shot ingest or as a continuous service.

Requirements for use

  • API Keys for a service account in Tenable.io that can use the Exports API (Generally an Admin User)
  • Service Account within Google Cloud that has the required permissions to edit findings and state (Security Center Findings Editor, and Security Center Findings State Setter roles).
  • A host to run the script on that can run a Python 3.x environment. As this bridge talks cloud-to-cloud, where it is located does not matter.

Installing

pip install tenable-cscc

Setup

  1. Add the Tenable.io CSCC Service from the Marketplace
  2. Copy the source id that was generated (we will use this later)
  3. Create a service key for the account that was created
  4. Create a new VM Instance to store the integration (Debian 9)
  5. Download the installation script: curl -o installer.sh https://raw.githubusercontent.com/tenable/integration-cscc/master/install-tenable-cscc.sh
  6. Run the installer chmod 755 installer.sh && sudo ./installer.sh
  7. Copy the service key onto the host (such as /etc/google-account.json).
  8. Update the variables within the /etc/tenable-cscc.conf file.
  9. Start the service sudo systemctl start tenable-cscc

Options

The following below details both the command-line arguments as well as the equivalent environment variables.

Usage: tenable-cscc [OPTIONS]

  Tenable.io -> Google Cloud Security Command Center Bridge

Options:
  --tio-access-key TEXT           Tenable.io Access Key
  --tio-secret-key TEXT           Tenable.io Secret Key
  -b, --batch-size INTEGER        Export/Import Batch Sizing
  -v, --verbose                   Logging Verbosity
  -s, --observed-since INTEGER    The unix timestamp of the age threshold
  -r, --run-every INTEGER         How many hours between recurring imports
  -t, --threads INTEGER           How many concurrent threads to run for the
                                  import.
  -s, --service-account-file PATH
  -i, --service-id TEXT           The GCP CSCC Source ID
  --help                          Show this message and exit.

Usage

Run the import once:

tenable-cscc                                    \
    --tio-access-key {TIO_ACCESS_KEY}           \
    --tio-secret-key {TIO_SECRET_KEY}           \
    --service-account-file {SA_JSON_FILENAME}   \
    --org-id {ORG_ID}

Run the import once an hour:

tenable-cscc                                    \
    --tio-access-key {TIO_ACCESS_KEY}           \
    --tio-secret-key {TIO_SECRET_KEY}           \
    --service-account-file {SA_JSON_FILENAME}   \
    --org-id {ORG_ID}
    --run-every 1

Changelog

Visit the CHANGELOG

You can’t perform that action at this time.